It turns out the new boot ROM doesn't totally prevent the 24kpwn exploit employed by the Dev Team hackers. [See update below] The result? You can still jailbreak your late-model 3GS, but the device needs to be tethered to your computer in order to boot up. It's a major annoyance, especially given how crash-happy 3.1 phones—especially jailbroken ones—can be, but not necessarily a dealbreaker.

Anyhow, chances are it won't be this way for long—remember the iPod Touch 2G? It was jailbroken fairly quickly after launch, but it had a new, slightly more secure boot ROM, and there needed to be tethered in order to boot. A few weeks later, the hackers finished their thing, and there was moderate rejoicing. This chain of events, which is already under way again, is starting to read like a script.

UPDATE: Evidently, the boot ROM update does disable the 24kpwn exploit, which was the bit of code that allowed for untethered jailbreaks in the first place. For what it's worth, the Dev Team still sounds unfazed. [Gadget Lab]

The answer may be that it is not the actual QuickPwn software, but an iPhone-specific version of a web site called QuickPwn. However, the site's tag line is:

Download QuickPWN, jailbreak iPhone and iPod Touch, games and more!

It doesn't seem like the thing Apple would like to advertise openly. UPDATE: It's been pulled from the directory. The reasons for this are kind of obvious, but the QuickPWN gents think it might have been because the app was incorrectly filed under the "Games" category. They've re-filed under "News", so we'll see what happens. [Apple via TechCrunch]

Now, we're not saying we're surprised, or angry, or anything. It's beta software, and beta software is by definition not ready for everyday use. But in the pursuit of the latest and greatest thing, we all have learned that a little bit of inconsistency or crashiness is often a fair price to pay for being on the cutting edge.

Not so in iPhone 3.0. It's slow as hell, locks up on everything from launching an app to entering a phone number on the numeric keypad, sucks down battery life like an alcoholic who just found his first bottle of MD 20/20 in days, and so on. Add to that a lack of support for MMS as of yet and no apps to take advantage of the background notifications, and you have a fairly useless upgrade, right now. So let's roll it back.

Note: Your iPhone 3.0 OS backups (your phone settings, unsynched photos, text messages, etc) will not be compatible with 2.2.1 once you go back down. So make sure you have a backup from the 2.2.1 days to restore from, or else you'll be starting from scratch.

iPhone EDGE
If you're running OS X 10.5.6, you'll need to do the USB DFU fix outlined in our jailbreaking guide before proceeding.

1. With your phone plugged in, put it into DFU mode by holding both the power and home buttons for 10 seconds, then releasing power and continuing to hold down home until iTunes recognizes a phone in "recovery mode."

2. Download the 2.2.1 firmware .ipsw file from Apple. Hold down option (Mac) or shift (Windows) and click on restore. Choose the stock iPhone 2.2.1 file you just downloaded.

3. Let it do its thing, and you should be in business. Restore your backup should you have one, and proceed to jailbreaking if you want to.

iPhone 3G
On the iPhone 3G, the 3.0 software flashes the baseband (the chip that controls voice and data network traffic), which confuses iTunes when you try to downgrade. So you have to jump through a few more hoops to downgrade your 3G, but it's still easy enough.

1. Follow the first two steps above for iPhone EDGE, only using the iPhone 3G 2.2.1 firmware package of course. Again, OS X 10.5.6 users will have to do the USB driver switcheroo detailed above.

2. When it's done restoring, you'll get an error message that looks like this:

As long as it's a four-digit error number like 10xx, don't worry, that's just iTunes telling you it's confused by the updated baseband on your phone. Everything will work fine, but unfortunately your phone will be stuck in restore mode until you jailbreak it, which is what we're doing next.

3. For Mac (Windows users skip to step 8): Download a utility called iRecovery. This tool forces your phone to reboot out of restore mode, which is necessary for the QuickPwn jailbreak software to recognize it.

4. Go to the terminal and change to the iRecovery directory, wherever it is on your system, and type these two commands:

chmod 755 libusb-0.1.4.dylib
chmod 755 iRecovery

5. Next, copy the "libusb-0.1.4.dylib" file to the /usr/local/lib directory on your machine (you'll have to shift-command-G to go to this folder in Finder).

6. And finally, with your iPhone plugged in, go back to Terminal and type:

./iRecovery -s

You'll get a prompt, where you should then type "fsboot" (no quotes) and hit enter. If nothing happens after 10-15 seconds, type it again and hit enter again. Your phone should boot.

7. Download QuickPwn and jailbreak your phone (see our guide if you need help). Restore your 2.2.1 backup in iTunes, and you should be in business.

8. For Windows: After you restore to 2.2.1, you can skip straight to running QuickPwn to get your phone up and running.

And that's it. Enjoy an iPhone free of horrible slow-downs until summertime. Bigup to the tutorial over at thebigboss.org, which was very helpful in this endeavor.

Yes, all we have here is an annotated hour-long PowerPoint, and yes, almost all of the content is of interest only to the actual haxxors that gathered at 25C3 to watch, but for me, it's a thrill to hear these guys talk about the software that we've covered and used ourselves for so long. It's also a thrill to hear little tidbits like the 180 IP addresses inside apple that the Dev Team guys have tracked as frequent updaters of Pwnage and Quickpwn.

Up until this weekend in Berlin, most of the iPhone Dev Team had never met each other in person. And I only wish we could have gotten a quick camera pan over to the guys identified as the team members who wish to remain anonymous—in the corner, wearing "PwnApple" t-shirts, speaking Russian. [hackaday via BBG]